Portable telephone and access control method

ABSTRACT

A portable telephone is provided for making it possible for the portable telephone to associate terminal devices with each other for flexible access control less expensively and safely by means of the existing infrastructure and the terminal devices. The portable telephone (PT) is comprised of a short distance wireless communication unit (210) to carry out wireless communication with a key terminal device (KT), an ID associating unit for associating an ID for the key terminal device (KT) with an ID for a service terminal device (ST), a PP and access table memory unit (240) for storing an access table made out by the ID associating unit, a judging unit (230) for judging whether or not the ID for the service terminal device (ST) associated with the key terminal device (KT) exists in the access table when the ID for the key terminal device (KT) is input, and a control unit (280) for controlling the short distance wireless communication (210) to transmit the held ID to the associated service terminal device (ST) in the case that the judging unit (230) judges that the ID exists in the access table.

TECHNICAL FIELD

The present invention relates to a mobile phone and access control method of a communication system that performs owner authentication for a device by means of a personal wireless device.

BACKGROUND ART

In recent years, owner authentication (owner checking) for a device by means of a personal wireless device has become popular as a countermeasure to theft, illegal use, or loss of an automobile, notebook PC, mobile phone, portable HDD, or suchlike device.

At present, standardization is being promoted for this kind of owner authentication by means of a personal wireless device by the SPC (Secure Private Cosm) Forum.

SPC is a concept of a secure space in which it is possible for a device subject to control that is within a fixed distance from an individual having a key to operate, and in concrete terms, is a “technology that performs constant authentication using interactive radio communication between objects forming a pair, and makes possible function control according to the distance between objects forming a pair.”

This SPC technology can be expected to be used as a preventive measure against theft, illegal use, loss, or the like of vehicles, homes, safes, TVs, PCs, PDAs, cabinets, cards, and so forth.

With SPC technology, for example, an owner's key terminal KT and a service terminal ST (automobile) that is a device subject to control are made a pair, as shown in FIG. 8. Then service terminal ST is activated only when the pair of terminals comprising key terminal KT and service terminal ST are within a predetermined distance. In this case, there is a space around a person in which a device subject to control is activated by means of key terminal KT, and this space moves when that person moves. This is the concept designated SPC.

In a communication system in which key terminal KT (the owner's key) and service terminal ST (an automobile) are present, as shown in FIG. 8, theft, illegal use, or loss of the automobile can be prevented by releasing a function restriction on the automobile only within a radio communication range in which mutual authentication is possible between the owner's key and the automobile.

That is to say, key terminal KT constantly transmits a specific ID (identifier) ID-K to service terminal ST (the automobile) that is the device subject to control.

While receiving ID-K transmitted from key terminal KT—that is, while in an area in which reception of ID-K transmitted from key terminal KT is possible—the automobile that is service terminal ST has function restrictions such as door locking or engine locking released and is in a usable state.

Then, when the automobile that is service terminal ST leaves a reception area for ID-K transmitted from key terminal KT, a function such as door locking or engine locking operates, and the automobile enters an unusable state.

Thus, in access control in a communication system that performs owner authentication by means of a personal wireless device, theft, illegal use, or loss of the automobile that is service terminal ST is prevented by controlling the doors or engine of that automobile according to the distance between the owner's key terminal KT and service terminal ST.

Currently known technologies based on this kind of SPC concept include “device use restricting apparatuses” described in Patent Document 1 and Patent Document 2, and a “communication system” described in Patent Document 3.

The “device use restricting apparatus” described in Patent Document 1 implements a device use restriction according to a fixed condition in order to prevent use of a device by a non-owner or a person other than an administrator.

This “device use restricting apparatus” is equipped with a transmitting apparatus and a receiving apparatus, and the transmitting apparatus transmits a unique code at a fixed strength. The receiving apparatus is installed in a device, and stops operation of the device if unable to receive a transmission code from the transmitting apparatus. Thus, with this “device use restricting apparatus”, two terminals continually send IDs to each other at a fixed strength, and perform function stoppage if the reception strength degrades.

The “device use restricting apparatus” described in Patent Document 2 notifies a user of function stoppage as an addition to the technology of Patent Document 1. That is to say, this “device use restricting apparatus” stops device operation and also issues a warning signal if unable to receive a transmission code from the transmitting apparatus.

The “communication system” described in Patent Document 3 determines the position of a terminal that is accessible only within a predetermined area, and performs access control (by means of a wireless LAN) according to the position of the terminal. With this “communication system”, an access area can be set to any range, and does not depend on the installation location of a server that performs access authentication.

This kind of system can also perform owner checking in the same way for a relationship between an automobile and a key, a key and the front door of a house, and so forth.

Patent Document 1: Japanese Patent Application Laid-Open No. HEI9-233542

Patent Document 2: Japanese Patent Publication No. 2931276

Patent Document 3: Japanese Patent Application Laid-Open No. 2003-244884

DISCLOSURE OF INVENTION

Problems to be Solved by the Invention

A communication system will be assumed, as shown in FIG. 9, for example, in which a mobile phone is a personal authentication device (personal terminal PT), and is in a central position between a wearable key unit (key terminal KT) and an automobile that is a device subject to control (service terminal ST).

In access control based on the SPC concept, the mobile phone (personal terminal PT) and wearable key unit (key terminal KT), and the mobile phone (personal terminal PT) and automobile (service terminal ST), each form a pair, and authentication is performed only between the respective pairs.

Also, in access control based on the SPC concept, mutual authentication is not possible unless the IDs of the terminals are registered beforehand.

Therefore, when access control is performed in a communication system in which personal terminal PT is in a central position between key terminal KT and service terminal ST, as described above, installation of an ID management center and pairing apparatus 900 as new authentication infrastructure becomes necessary in order to manage the authentication IDs of the terminals, which is expensive.

Without such authentication infrastructure comprising an ID management center and pairing apparatus 900, only limited utilization would be possible, with key terminal KT registered and used in a personal mobile phone (personal terminal PT) and automobile (service terminal ST), for example.

Also, with a conventional access control method, two authentications—between key terminal KT and a mobile phone (personal terminal PT), and between a mobile phone (personal terminal PT) and an automobile (service terminal ST) that is a device subject to control—are independent, and the mutual relationship between key terminal KT and the automobile (service terminal ST) has not been considered.

Consequently, with a conventional access control method, when service terminal ST is an automobile, for example, it is not possible to perform control such that a door of the automobile can be opened by means of key terminal KT possessed by a child, but the engine cannot be started.

Also, with a conventional access control method, when service terminal ST is the front door of a house, it is not possible to perform control such that only the owner of key terminal KT can open the front door.

Thus, an inconvenience of a conventional access control method is that control cannot be performed by associating key terminal KT and service terminal ST with each other.

Also, with a conventional access control method, since authentications between individual terminals are independent, it is possible that a security hole may be created, and a device subject to control may be activated even though authentication fails or does not operate properly, causing a problem in regard to safety.

Furthermore, with a conventional access control method, there are no clear rules for a case in which key terminal KT and service terminal ST (a device subject to control) are associated. For example, management responsibility capability for key terminal KT and service terminal ST differs for a child and an adult, but clear rules have not been established for such cases.

Moreover, with a conventional access control method, there are no clear rules for a case in which a plurality of key terminals KT simultaneously access a mobile phone (personal terminal PT).

Also, with a conventional access control method, there are no clear rules for a case in which a plurality of mobile phones (personal terminals PT) access a device subject to control (service terminal ST).

Furthermore, with a conventional access control method, there are no clear rules for a case in which the ID of each terminal has various conditions or attributes, as in a case in which a condition or attribute such as a period of validity or authorization is assigned to the ID of each terminal, for example.

Thus, a problem with a conventional access control method is that flexible access control cannot be performed because access control rules are unclear.

It is an object of the present invention to provide a mobile phone and access control method that enable access control to be performed flexibly by associating terminals with each other by means of a mobile phone inexpensively and safely using existing infrastructure and terminal apparatuses.

Means for Solving the Problems

A mobile phone of the present invention performs, between a device subject to control for which a function restriction is released by receiving a predetermined code signal and a control terminal that transmits a unique code signal for releasing a function restriction of the device subject to control, access control of the control terminal and the device subject to control, and has: a radio communication section that performs radio communication with the control terminal and the device subject to control; an access table creating section that creates an access table that associates an ID of the control terminal with an ID of the device subject to control; an access table storage section that stores the access table created by the access table creating section; a determining section that, when an ID of the control terminal is input via the radio communication section, determines whether or not an ID of the device subject to control associated with an ID of the control terminal is in the access table; and a control section that, when an ID of the device subject to control associated with an ID of the control terminal is determined by the determining section to be in the access table, controls the radio communication section so as to transmit a held ID to the device subject to control associated with the control terminal.

An access control method of the present invention performs, between a device subject to control for which a function restriction is released by receiving a predetermined code signal and a control terminal that transmits a unique code signal for releasing a function restriction of the device subject to control, access control of the control terminal and the device subject to control by means of a mobile phone, and has: a radio communication step of performing radio communication with the control terminal and the device subject to control; an access table creating step of creating an access table that associates an ID of the control terminal with an ID of the device subject to control; an access table storage step of storing the access table created in the access table creating step; a determining step of, when an ID of the control terminal is input in the radio communication step, determining whether or not an ID of the device subject to control associated with an ID of the control terminal is in the access table; and a control step of, when an ID of the device subject to control associated with an ID of the control terminal is determined to be in the access table in the determining step, controlling the operation of the radio communication step so as to transmit a held ID to the device subject to control associated with the control terminal.

ADVANTAGEOUS EFFECT OF THE INVENTION

According to the present invention, access control can be performed flexibly by associating terminals with each other by means of a mobile phone inexpensively and safely using existing infrastructure and terminal apparatuses.

BRIEF DESCRIPTION OF DRAWINGS

FIG. 1 is a schematic configuration diagram showing a sample configuration of a communication system in which an access control method according to an embodiment of the present invention is applied;

FIG. 2 is a block diagram showing the configuration of a communication system in which an access control method according to an embodiment of the present invention is applied;

FIG. 3 is a block diagram showing the configuration of a mobile phone used in an access control method according to an embodiment of the present invention;

FIG. 4 is a drawing showing an access table of a mobile phone used in an access control method according to an embodiment of the present invention;

FIG. 5 is a drawing showing another access table of a mobile phone used in an access control method according to an embodiment of the present invention;

FIG. 6 is an explanatory drawing of a terminal pairing method in an access control method according to an embodiment of the present invention;

FIG. 7 is a sequence diagram showing an access control method according to an embodiment of the present invention;

FIG. 8 is an explanatory drawing for explaining a concept of owner authentication by means of a personal wireless device for a conventional device; and

FIG. 9 is a conceptual diagram for explaining an access control method of a conventional communication system.

BEST MODE FOR CARRYING OUT THE INVENTION

An embodiment of the present invention will now be described in detail with reference to the accompanying drawings. In the drawings, configuration elements and equivalent parts that have identical configurations or functions are assigned the same reference codes, and descriptions thereof are not repeated.

FIG. 1 is a schematic configuration diagram showing a sample configuration of a communication system in which an access control method according to an embodiment of the present invention is applied.

As shown in FIG. 1, communication system 100 in which an access control method of this example is applied is composed of key terminal KT, personal terminal PT, personal-cum-service terminals PST, service terminal ST, and so forth.

In FIG. 1, key terminal KT serving as a control terminal is a key, finger ring, card, or the like, and holds ID-K, which is its authentication ID, and key policy KP.

Personal terminal PT is a mobile phone, and holds ID-P, which is its authentication ID, and personal policy PP.

Personal-cum-service terminal PST is a notebook PC or the like, and holds ID-PS, which is its authentication ID, and personal-cum-service policy PSP.

Service terminal ST serving as a device subject to control is an access point (server) or the like, and holds ID-S, which is its authentication ID, and service policy SP.

Thus, a policy is set in each of key terminal KT, personal terminal PT, personal-cum-service terminal PST, and service terminal ST.

With SPC, in the case of communication system 100 such as described above, key terminal KT constantly transmits ID-K to personal terminal PT.

Personal terminal PT checks whether or not key terminal KT transmitting ID-K is within a fixed distance, whether or not a received ID matches ID-K of a specific key terminal KT registered beforehand, whether or not another condition is satisfied, and so forth.

Then, if an above check condition is satisfied, personal terminal PT sends its own ID-P to service terminal ST.

By this means, a function of service terminal ST is turned on (for example, automobile door locking is released).

Here, with SPC, if an above check condition is satisfied, personal terminal PT constantly transmits its own ID-P to service terminal ST. SPC includes a mechanism such that this kind of ID is not shown directly, but continuously sending an ID to an unrelated terminal as well cannot be said to be desirable from a security standpoint.

Thus, in the access control method of this example, personal terminal PT transmits its own ID-P to service terminal ST only when it receives ID-K transmitted from key terminal KT of a specific person and its function is on.

A person to whom service is scheduled to be provided is registered in service terminal ST beforehand.

Service terminal ST checks ID-P transmitted from personal terminal PT, and provides service.

Personal-cum-service terminal PST serves only to perform mediation and is not indispensable, and a plurality of stages of personal-cum-service terminals PST may also be provided.

Also, a plurality of key terminals KT are envisaged—for private use, office use, parents' use, children's use, superiors' use, subordinates' use, and so forth—with minimum service being provided in accordance with key policy KP. Minimum service means information display (a warning or the like), function on/off setting, and so forth.

Key policy KP can set a reception information type and connected personal terminal PT, but since the key terminal KT is often low-functionality, there is no problem with transmitting an ID constantly without being aware of the connection destination. Also, there is no problem if the key policy KP is set at the time of shipment and cannot be changed.

Personal terminal PT provides a subordinate service in accordance with personal policy PP. A subordinate service is an auxiliary service for main service that performs a main service operation, and so forth.

Personal policy PP sets a reception information type, transmission information type, connected key terminal KT, personal-cum-service terminal PST and service terminal ST, release function type, and release conditions (distance, charge, other context, and so forth).

Personal-cum-service terminal PST mediates a main service (references service terminal ST) in accordance with personal-cum-service policy PSP.

Personal-cum-service policy PSP sets a reception information type, transmission information type, connected key terminal KT/personal terminal PT/personal-cum-service terminal PST/service terminal ST, mediation contents, and mediation conditions (distance, other context, and so forth).

Service terminal ST provides a main service in accordance with service policy SP. A main service is an ultimately provided service, being a personally owned apparatus (automobile, home, or the like) or a public apparatus (access point, or the like).

Service policy SP sets a connected key terminal KT and service terminal ST, key terminal KT and service terminal ST attributes, provision contents (function type, period, and so forth), provision object (range, quantity, priority, and so forth), and provision conditions (charge, payment method, other context, and so forth).

Next, the configuration of communication system 100 in which an access control method of this example is applied will be described. FIG. 2 is a block diagram showing the configuration of a communication system in which an access control method according to an embodiment of the present invention is applied, and FIG. 3 is a block diagram showing the configuration of a mobile phone used in an access control method according to an embodiment of the present invention.

As shown in FIG. 2, communication system 100 in which an access control method of this example is applied is composed of key terminal KT, personal terminal PT, and service terminal ST.

In FIG. 2, key terminal KT is equipped with ID and ID supplemental information storage section 110, KP and access table storage section 120, determining section 130, control section 140, short-distance radio communication section 150, and minimum service providing section 160.

Personal terminal PT is equipped with short-distance radio communication section 210, operation section 220, determining section 230, PP and access table storage section 240, ID and ID supplemental information storage section 250, authentication section 260, subordinate service providing section 270, and control section 280.

Service terminal ST is equipped with short-distance radio communication section 310, service providing section 320, ID and ID supplemental information storage section 330, SP and access table storage section 340, determining section 350, and control section 360. Also, as shown in FIG. 3, control section 280 of personal terminal PT is equipped with ID switching section 281, ID associating section 282, and ID transmission restricting section 283, as elements differing from conventional SPC.

Communication system 100 in which an access control method of this example is applied may also be equipped with personal-cum-service terminals PST as shown in FIG. 1. Like personal terminal PT, such a personal-cum-service terminal PST is equipped with short-distance radio communication section 210, operation section 220, determining section 230, ID and ID supplemental information storage section 250, authentication section 260, and control section 280. Also, personal-cum-service terminal PST is equipped with a “service mediation section” instead of subordinate service providing section 270 of personal terminal PT, and a “PSP and access table storage section” instead of PP and access table storage section 240 of personal terminal PT.

In FIG. 2, key terminal KT and service terminal ST are the same as in the case of SPC.

Communication system 100 differs from an SPC communication system in that a mobile phone serving as personal terminal PT is equipped with PP and access table storage section 240 and ID and ID supplemental information storage section 250, and control section 280 is equipped with ID switching section 281, ID associating section 282, and ID transmission restricting section 283.

That is to say, with conventional SPC, many ID-Ks are transmitted from access counterpart key terminal KT to service terminal ST, but key terminal KT and service terminal ST are not separated and their mutual relationship is not clear.

With conventional SPC, key terminal KT constantly transmits ID-K, and service terminal ST that receives ID-K from key terminal KT has all its functions made valid.

In contrast, with the access control method of this example, an access table (see FIG. 4 and FIG. 5) in which the relationship between personal terminal PT (a mobile phone), and key terminal KT and service terminal ST, is written is stored in PP and access table storage section 240 of personal terminal PT.

Also, in the access control method of this example, control is performed so that personal terminal PT (a mobile phone) transfers a necessary ID-P to service terminal ST when a preset condition is satisfied.

Furthermore, in the access control method of this example, control is performed so that, for ID-P transferred to service terminal ST, also, personal terminal PT (a mobile phone) transfers an ID with a period of validity or an ID for attribute information alone that does not identify an individual, only when necessary.

Here, when an individual is identified, it is fundamentally necessary to newly provide authentication infrastructure for identifying an individual, but newly providing such authentication infrastructure increases the cost of a system.

Thus, in the access control method of this example, control is performed so that an ID stored in a UIM (User Identity Module) incorporated beforehand in a mobile phone serving as personal terminal PT, an ID stored in a FeliCa (registered trademark), or the like, is assigned as authentication infrastructure.

Thus, with the access control method of this example, service quality has been improved by changing the method of control.

That is to say, in the access control method of this example, an ID that is transferred to a communicating party is switched by ID switching section 281 of control section 280 of personal terminal PT. Specifically, an ID that is transmitted is selected from an access table stored in PP and access table storage section 240 and a received ID, and an ID that is transferred to a communicating party is switched.

Also, with the access control method of this example, a received ID is associated (paired) with a transmission counterpart by ID associating section 282 of control section 280 of personal terminal PT. Specifically, ID-K of key terminal KT and ID-S of service terminal ST are linked and entered in an access table stored in PP and access table storage section 240.

With an access control method such as described above, if the same ID continues to be used, there is a risk of the ID being traced and decrypted by a third party.

Thus, in the access control method of this example, a mechanism may be introduced to prevent a third party from easily acquiring an ID, such as by changing an ID each time using a one-time password system, or encrypting an ID by means of a stochastic code and transmitting it as different encrypted text each time.
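The one-time ID idea above can be sketched as follows. This is an added example, not part of the patent text: the patent names no algorithm, so the counter-based HMAC-SHA-256 derivation, the look-ahead window, the 16-byte truncation and the shared secret (assumed to be exchanged at pairing time) are all assumptions, as are the class and function names.

```python
import hashlib
import hmac


def one_time_id(secret: bytes, counter: int) -> bytes:
    """Derive the ID sent for one transmission (assumed scheme: HMAC over a counter)."""
    message = counter.to_bytes(8, "big")
    return hmac.new(secret, message, hashlib.sha256).digest()[:16]


class RollingSender:
    """Transmitting side, e.g. personal terminal PT sending in place of a fixed ID-P."""

    def __init__(self, secret: bytes):
        self._secret = secret
        self._counter = 0

    def next_id(self) -> bytes:
        # The counter itself is never transmitted, so successive IDs
        # cannot be linked by an observer who lacks the secret.
        self._counter += 1
        return one_time_id(self._secret, self._counter)


class RollingVerifier:
    """Receiving side, e.g. service terminal ST."""

    def __init__(self, secret: bytes, window: int = 8):
        self._secret = secret
        self._window = window   # how many missed transmissions are tolerated
        self._last = 0          # highest counter accepted so far

    def accept(self, token: bytes) -> bool:
        # Only counters strictly above the last accepted one are tried,
        # so a recorded ID that is replayed later is rejected.
        for counter in range(self._last + 1, self._last + 1 + self._window):
            expected = one_time_id(self._secret, counter)
            if hmac.compare_digest(expected, token):
                self._last = counter
                return True
        return False


if __name__ == "__main__":
    secret = b"constructed-demo-secret-32-bytes"  # constructed sample value
    sender = RollingSender(secret)
    verifier = RollingVerifier(secret)
    first = sender.next_id()
    print(verifier.accept(first))   # fresh ID
    print(verifier.accept(first))   # same ID replayed
```

The window trades availability against exposure: a larger value tolerates more transmissions lost out of radio range, but leaves more future IDs valid at any moment.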

In the access control method of this example, electronic money may beutilized by means of a noncontact IC such as FeliCa (registeredtrademark) for charging a user for use of service terminal ST.

Also, in the access control method of this example, charging a user foruse of service terminal ST may be implemented by having service terminalST charge an ID-P account via a backbone.

Also, in the access control method of this example, a noncontact ICelectronic money backbone infrastructure provider or mobile phoneoperator charging system may be utilized for charging a user for use ofservice terminal ST.

Also, in the access control method of this example, provision may bemade for key terminal KT and service terminal ST to perform chargingprocessing by means of electronic money directly.

Also, in the access control method of this example, control may beperformed so that, when service terminal ST provides public wireless LANspot service, use of a wireless LAN becomes possible within range of apredetermined access point after electronic money payment by means of anoncontact IC or the like by service terminal ST and key terminal KT.

As described above, in the access control method of this example, keyterminal KT and service terminal ST, which is a device subject tocontrol, are associated with each other by means of a mobile phone,which is personal terminal PT.

In the access control method of this example, an ID or confidentialinformation of a User Identity Module, which is existing authenticationinfrastructure, is associated with ID-P of personal terminal PT in amobile phone serving as personal terminal PT.

Personal terminal PT (a mobile phone) in the access control method ofthis example communicates with key terminal KT and service terminal ST(a device subject to control), stores an access table containing arelationship thereof in PP and access table storage section 240, and onreceiving ID-K of key terminal KT entered in the access table, transmitsits own ID-P to service terminal ST.

In the access control method of this example, a plurality of apparatusesfor which connection is possible, a release function and releasecondition, and an ID and record priority may be set in the access tablestored in PP and access table storage section 240, as shown in FIG. 5,and attribute information and a period of validity may be defined for anID.

In SPC technology, it is necessary to newly install a pairing apparatusthat performs ID registration for each terminal in order to associatethe IDs of terminals that communicate with each other.

In the access control method of this example, a pairing apparatus is notnewly installed, and a mobile phone that is personal terminal PT is usedas a pairing apparatus.

ID registration by directly connecting terminals by means of a serialcable, USB cable, or the like, can be conceived of as an actual pairingmethod, but carrying such a cable around for pairing is impractical.

Therefore, the use of a short-distance radio technology such as NFC(Near Field Communication) or Bluetooth is desirable as this pairingmethod. However, with Bluetooth, a pairing counterpart is difficult toidentify since the communication distance is long. On the other hand,NFC has a short communication distance, and can therefore be said to bean effective means of communication from the standpoint of ease ofidentifying a pairing counterpart.

A UIM (User Identity Module) or suchlike IC card, or a memory card, canbe used for this pairing (associated registration of IDs). In practicalterms, the use of a memory card is more efficient since inserting andremoving a UIM is laborious.

If a noncontact IC is used for pairing, a service terminal ST RW(reader/writer) writes service policy SP and ID-S to a noncontact IC ofpersonal terminal PT, and reads personal policy PP and ID-P stored inthe noncontact IC beforehand.

If NFC is used for pairing, a service terminal ST RW writes servicepolicy SP and ID-S to personal terminal PT, and a personal terminal PTRW writes personal policy PP and ID-P to service terminal ST (either maybe performed first). Thus, when NFC is used for pairing, it is assumedthat there is also an RW function on the mobile phone (i.e. personalterminal PT) side.

In the access control method of this example, registration of eachterminal's ID and policy is permitted only after authentication via anoncontact IC. When a noncontact IC is used for pairing in this way,combined use with charging by means of electronic money is effective.

Next, the procedure of a pairing method using a memory card will bedescribed. Here, a description will be given of a procedure forassociating a wearable key unit (key terminal KT) with an automobile(service terminal ST) that is a device subject to control, centered on amobile phone (personal terminal PT), as shown in FIG. 6.

In FIG. 6, first, in step ST601, memory card 600 is inserted intopersonal terminal PT, and memory card 600 is registered in personalterminal PT. For example, in step ST601, CID, which is the ID of memorycard 600, is set in personal terminal PT (or ID-P of personal terminalPT is recorded in the memory card).

Next, in step ST602, memory card 600 is inserted into key terminal KT,and memory card 600 is registered in key terminal KT.

A case can be envisaged in which there is no memory card 600 slot in keyterminal KT. In this case, it is assumed that setting is completed whenthe product is purchased. Alternatively, setting may be performed bymeans of radio used by SPC. As another alternative, input may beperformed directly by means of key input from personal terminal PT.

Also, in step ST602, ID-K of key terminal KT is recorded in memory card 600. Here, if key terminal KT has memory, the ID of memory card 600 (CID) or ID-P of personal terminal PT is set in the memory of key terminal KT.

Next, in step ST603, memory card 600 is inserted into service terminal ST, and memory card 600 is registered in service terminal ST. Service terminal ST reads and stores CID (or ID-P) from memory card 600. A method whereby ID-K is registered directly is also possible. Also, in step ST603, ID-S of service terminal ST is recorded in memory card 600.

Next, in step ST604, memory card 600 in which ID-K of key terminal KT and ID-S of service terminal ST have been recorded is inserted into personal terminal PT, and an ID is read from memory card 600. Then ID-K of key terminal KT and ID-S of service terminal ST are set in personal terminal PT.

Next, in step ST605, personal terminal PT records ID-K of key terminal KT and ID-S of service terminal ST in an access table, associated with CID of memory card 600 (or ID-P of personal terminal PT).

Then personal terminal PT performs access control using the access table in which the IDs of the terminals are associated. That is to say, personal terminal PT receives ID-K of key terminal KT and transmits ID-P of personal terminal PT to service terminal ST. Also, personal terminal PT receives ID-S of service terminal ST and transmits ID-P of personal terminal PT to key terminal KT.

Here, if ID-K permitted by personal policy PP is at a distance permitted by personal policy PP and also satisfies another condition required by personal policy PP, a function of personal terminal PT specified by personal policy PP is on, and ID-S of service terminal ST can be received, personal terminal PT transmits ID-P to only service terminal ST permitted by personal policy PP.

Another condition required by personal policy PP refers, for example, to a check of a context other than distance, conflict resolution when a plurality of key terminals KT are detected, or the like.

Also, if ID-P permitted by service policy SP is at a distance permitted by service policy SP and also satisfies another condition required by service policy SP, a function of service terminal ST specified by service policy SP is on, and personal terminal PT is able to detect a service, service terminal ST transmits ID-S of service terminal ST.

Another condition required by service policy SP refers, for example, to conflict resolution when a plurality of personal terminals PT are detected, charging processing, or the like.

Next, the access control method of this example will be described. FIG. 7 is a sequence diagram showing an access control method according to an embodiment of the present invention.

In FIG. 7, processing that creates the kind of access table shown in FIG. 4 and FIG. 5 is performed in the upper stage, and access control using the access table created in the upper stage is executed in the lower stage.

That is to say, as upper stage operations in FIG. 7, pairing of key terminal KT and personal terminal PT (step ST701), and pairing of personal terminal PT and service terminal ST (step ST702), are performed by means of the above-described pairing method.

With the access control method of this example, basically, an access table is created on the mobile phone (personal terminal PT) side. Here, a key terminal KT side access table is a low-functionality table that only issues a signal. Also, a service terminal ST side access table performs a setting as to who is to be provided with a service.

A mobile phone (personal terminal PT) side access table is a table that includes a relationship and control of key terminal KT and service terminal ST.

Next, as a lower stage operation in FIG. 7, following access table creation, key terminal KT transmits ID-K and ID supplemental information to personal terminal PT in accordance with key policy KP (step ST703).

On the other hand, service terminal ST transmits ID-S and ID supplemental information to personal terminal PT (step ST704).

If there is a service matching received ID-K of key terminal KT, personal terminal PT transmits ID-P and ID supplemental information to service terminal ST (step ST705). If there is no service, personal terminal PT functions as a normal mobile phone.

Service terminal ST confirms ID-P and ID supplemental information transmitted from personal terminal PT, releases a function restriction specified by service policy SP, and starts service provision.

By this means, a service is transmitted from service terminal ST to personal terminal PT (step ST706), and a service result is transmitted from personal terminal PT to key terminal KT (step ST707). Then key terminal KT that has received a service result from personal terminal PT displays the service result in accordance with key policy KP.

Thus, in the access control method of this example, personal terminal PT (a mobile phone) transmits ID-P of personal terminal PT to service terminal ST only when ID-K of key terminal KT arrives and there is a previously registered necessary service.

Also, personal terminal PT (a mobile phone) does not transmit ID-P of personal terminal PT to service terminal ST if a condition is not met and there is no matching, even if there is a previously registered necessary service.

As described above, in the access control method of this example, existing authentication infrastructure—for example, a UIM, FeliCa (registered trademark), or one-time pad (OTP)—is utilized as authentication infrastructure, and a mobile phone (personal terminal PT) is utilized as a pairing apparatus. Consequently, the access control method of this example does not require authentication infrastructure or a pairing apparatus to be newly installed.

Also, in the access control method of this example, two authentications—between key terminal KT and personal terminal PT (a mobile phone), and between personal terminal PT (a mobile phone) and an automobile (service terminal ST) that is a device subject to control—are associated. Furthermore, in the access control method of this example, key terminal KT, personal terminal PT (a mobile phone), and an automobile (service terminal ST) that is a device subject to control, are also associated with existing authentication infrastructure. Consequently, in the access control method of this example, there is no longer a possibility of authentications between terminals being independent and a security hole arising, as in the case of conventional SPC.

Also, in the access control method of this example, flexible access control items are set, and the problem of the weakness of the access control method of conventional SPC has been resolved.

That is to say, heretofore, an arrangement has been centered on a mobile phone that is personal terminal PT, and an ID of a person for which a mobile phone call is possible is recorded. Also, a wearable key unit, front door, automobile, and so forth, have been checked in parallel in a mobile phone table.

Thus, with the access control method of this example, a mobile phone is made to resemble a pairing apparatus, and a wearable key unit and a front door or automobile ID are respectively paired and stored as a set. That is to say, provision has been made to implement association between previously parallel wearable key unit and front door and automobile IDs.

Also, with the access control method of this example, a configuration is employed whereby a mobile phone is provided with an access table in which a wearable key unit and front door or automobile ID are recorded as a set.

Thus, with the access control method of this example, a mobile phone, on receiving ID-K entered in the access table from a wearable key unit (key terminal KT), checks whether or not there is a front door or automobile ID-S forming a pair with the wearable key unit.

Then, if there is a front door or automobile ID-S forming a pair with the wearable key unit, the mobile phone transmits its own ID-P to the paired front door or automobile.

Consequently, with the access control method of this example, authentications of devices subject to control previously performed in a disparate manner can be linked together by a mobile phone.

Thus, with the access control method of this example, personal terminal PT performs key terminal KT, personal-cum-service terminal PST, and service terminal ST association (pairing).

Also, personal terminal PT communicates with key terminal KT, personal-cum-service terminal PST, and service terminal ST, and stores the respective relationships in an access table.

Then, on receiving ID-K entered in the access table, personal terminal PT transmits its own ID-P.

Here, if transmission destinations are restricted, personal terminal PT transmits its own ID-P only when a transmission destination ID-P or ID-S is received.

By this means, personal terminal PT can restrict unnecessary ID-P transmissions, and can achieve improved safety and lower power consumption.

Some mobile phones contain UIM or FeliCa (registered trademark) existing authentication infrastructure.

Thus, with communication system 100 of this example in which such a mobile phone is used as personal terminal PT, personal terminal PT transmits ID-P when ID-K arrives from key terminal KT, but a secret key such as a UIM ID or a FeliCa (registered trademark) IDm is utilized as an ID transmitted at this time. A secret key cannot be transmitted as it is, and therefore challenge/response specifications undergo STP (ID-S) conversion to service provider specifications.

Also, a one-time pad token of a one-time pad (OTP) used as a bank phishing countermeasure may be used as an ID transmitted by personal terminal PT. With a one-time pad token, a server performs synchronized changing of a numeric or suchlike password automatically on a time or number-of-times-used basis.

Also, with the access control method of this example, software for token operation may be pre-installed in a mobile phone. This makes a separate token unnecessary, and enables an ID issued by a token to be transmitted by the mobile phone and used as ID-P of personal terminal PT.

Thus, with the access control method of this example, personal terminal PT associates an existing authentication infrastructure ID or confidential information with ID-P, and uses an existing authentication infrastructure ID or confidential information as a secret key corresponding to ID-P used in authentication, between personal terminal PT and personal-cum-service terminal PST, and between personal terminal PT and service terminal ST, respectively.

Here, only an existing authentication infrastructure ID is transmitted in the case of simple authentication, while authentication is performed cryptographically with an existing authentication infrastructure secret key in the case of rigorous authentication.
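The rigorous case described above, in which the secret key itself is never transmitted, can be sketched as a challenge/response exchange. This is an added example, not part of the patent text: the use of HMAC-SHA256, the length-prefixed message framing, and the names `ServiceTerminal`, `respond` and `_frame` are assumptions, since the description does not specify an algorithm.

```python
import hashlib
import hmac
import secrets


def _frame(*parts):
    """Length-prefix each field so field boundaries cannot be shifted."""
    return b"".join(len(p).to_bytes(2, "big") + p for p in parts)


def respond(key, nonce, id_p, id_s):
    """Prover side (personal terminal PT).

    The MAC covers the nonce and both IDs, so a response is bound to one
    exchange with one service terminal and reveals nothing about the key.
    """
    msg = _frame(nonce, id_p.encode(), id_s.encode())
    return hmac.new(key, msg, hashlib.sha256).digest()


class ServiceTerminal:
    """Verifier side (service terminal ST).

    Holds the secret registered for each ID-P at pairing time (assumed to
    have been provisioned out of band, e.g. during the pairing step).
    """

    def __init__(self, id_s, keys_by_id_p):
        self.id_s = id_s
        self._keys = dict(keys_by_id_p)
        self._pending = {}  # ID-P -> outstanding nonce

    def challenge(self, id_p):
        """Issue a fresh random nonce for this ID-P."""
        nonce = secrets.token_bytes(16)
        self._pending[id_p] = nonce
        return nonce

    def verify(self, id_p, response):
        """Accept only a correct MAC over a nonce that has not been used."""
        nonce = self._pending.pop(id_p, None)  # single use: replays fail
        key = self._keys.get(id_p)
        if nonce is None or key is None:
            return False
        expected = respond(key, nonce, id_p, self.id_s)
        return hmac.compare_digest(expected, response)


if __name__ == "__main__":
    secret = secrets.token_bytes(32)  # constructed sample key
    st = ServiceTerminal("S-car", {"P-phone": secret})
    n = st.challenge("P-phone")
    r = respond(secret, n, "P-phone", "S-car")
    print("first use:", st.verify("P-phone", r))
    print("replayed :", st.verify("P-phone", r))
```

In the simple case only the ID crosses the radio link, so anyone who records it can present it again; here a recorded response is useless once its nonce has been consumed.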

Specifically, UIM-ID of a UIM, a telephone number, a secret key in a UIM, or the like, is used as existing authentication infrastructure. Alternatively, a FeliCa (registered trademark) ID, a secret key in a FeliCa, or the like, is used as existing authentication infrastructure. Also, a one-time pad (OTP) user ID, password, or the like, may be used as existing authentication infrastructure.

Key terminal KT may also double as a token. For example, time-varying OTPi obtained from key terminal KT may be used as a secret key.

Also, service terminal ST and key terminal KT may be provided with a soft token. That is to say, OTPi from software may be used as a secret key.

With the access control method of this example, a terminal for which connection is permitted is registered beforehand in a mobile phone table. Key terminal KT as a host device, and service terminal ST as a subordinate device, set what is permitted.

Also, with the access control method of this example, what kind of behavior is permitted is set in a mobile phone table. For example, with a FeliCa (registered trademark) fee-based service, a setting is made so that an ID is transmitted after 500 yen has been charged.

In radio communication, record signals from a plurality of key terminals KT are transmitted simultaneously. Thus, with the access control method of this example, which record signal is to be given priority for processing is set in a mobile phone table. For example, a setting is made in the table indicating which ID-K is to be received with priority when a plurality of ID-Ks for a house front door key, automobile key, or the like, are received, or indicating that an ID-K transmitted by an adult is to be received with priority when ID-Ks are transmitted simultaneously by a child and an adult.

In the access control method of this example, provision may also be made for personal-cum-service terminal PST to set a service mediation condition. For example, provision may be made for the mediated contents, distance, and counterparty to be restricted.

With the access control method of this example, provision may also be made for a connectable number of apparatuses to be set in personal terminal PT and service terminal ST access tables. It is assumed that AND, OR, NOR, and suchlike settings would also be possible.

With the access control method of this example, provision may also be made for a release function and release condition to be set in key terminal KT, personal terminal PT, and service terminal ST access tables. It is assumed that AND, OR, NOR, and suchlike settings would also be possible. Release conditions include location time, remaining battery capacity, a motion sensor, a charging completion flag, and so forth.

With the access control method of this example, provision may also be made for an ID and record priority to be set in personal terminal PT and service terminal ST access tables. It is assumed that such a setting would also be possible simultaneously and at the time of interrupt access.

With the access control method of this example, provision may also be made for an ID to be given two kinds of characteristics—an attribute and a period of validity.

With SPC, individual identification is performed by means of an ID. However, there are many cases in which adequate owner authentication is possible if an attribute of an organization to which a person belongs or the like is known, even if an actual individual is not identified, as in the case of a company, for example. Further, a service requires only an attribute such as a charge for one month.

Thus, with the access control method of this example, giving an ID two kinds of characteristics—an attribute and a period of validity—enables usage time to be assigned or a used function to be restricted according to the kind of attribute. In addition, an attribute may also be added to an individual ID in communication system 100 of this example (or an attribute alone may be used).

With the access control method of this example, an attribute and period of validity are defined for an ID (these being called ID supplemental information). By defining an attribute for an ID in this way, function provision can be implemented according to an attribute of an employee, organization, position, or the like, without identifying an individual.

By this means, attribute-based control such as time-sharing (assignment of usage time in line with an attribute), exclusive control (prioritization or forced interruption according to an attribute), usable function control (determination of a usable function in line with an attribute), and so forth, becomes possible in the access control method of this example.

Also, with the access control method of this example, defining a period of validity for an ID (specifying a period of validity of an ID) enables an ID that is valid for only one day to be issued as a fee-based service. Here, defining ID supplemental information is assumed to entail adding information to an individual ID or separately holding an attribute ID. It is assumed that it is possible to specify behavior for an unauthorized ID. If an unauthorized ID is detected, a warning is issued (for example: collision prevention).
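The judgement that personal terminal PT makes in steps ST703 to ST705, combined with the priority, distance and period-of-validity settings described for the access table, can be modelled as follows. This is an added example, not part of the patent text: the field names, the numeric priority scheme, the metre and epoch-second units, and the sample IDs are all assumptions.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Row:
    """One access-table row held by personal terminal PT (field names assumed)."""
    id_k: str              # key terminal ID
    id_s: str              # paired service terminal ID
    max_distance_m: float  # distance permitted by personal policy PP
    priority: int          # lower number wins when several ID-Ks arrive together
    valid_until: float     # period of validity of the ID, in epoch seconds


@dataclass(frozen=True)
class Heard:
    """An ID-K received over short-range radio with an estimated distance."""
    ident: str
    distance_m: float


class PersonalTerminal:
    def __init__(self, id_p, table):
        self.id_p = id_p
        self.table = list(table)
        self.warnings = []  # unregistered ID-Ks, kept for a user-facing warning

    def decide(self, keys, services, now):
        """Return the (ID-S, ID-P) transmissions for one radio scan.

        keys: Heard ID-Ks; services: set of ID-S values currently received.
        """
        known = {row.id_k for row in self.table}
        candidates = []
        for key in keys:
            if key.ident not in known:
                self.warnings.append(key.ident)  # unauthorized ID: warn only
                continue
            for row in self.table:
                if (row.id_k == key.ident
                        and key.distance_m <= row.max_distance_m
                        and now <= row.valid_until
                        and row.id_s in services):
                    candidates.append(row)
        if not candidates:
            return []  # no matching service: behave as a normal mobile phone
        # Several ID-Ks heard at once: only the highest-priority key is served.
        winner = min(candidates, key=lambda r: r.priority).id_k
        return [(r.id_s, self.id_p) for r in candidates if r.id_k == winner]


# Constructed sample table: an adult's key outranks a child's key.
TABLE = [
    Row("K-adult", "S-car", 2.0, 0, 2_000_000_000.0),
    Row("K-child", "S-door", 2.0, 1, 2_000_000_000.0),
    Row("K-guest", "S-door", 2.0, 2, 1_000.0),  # short-lived ID, long expired
]

if __name__ == "__main__":
    pt = PersonalTerminal("P-phone", TABLE)
    heard = [Heard("K-adult", 1.0), Heard("K-child", 0.5)]
    print(pt.decide(heard, {"S-car", "S-door"}, now=1_700_000_000.0))
```

ID-P leaves the phone only for a row whose key, distance, validity and service conditions all hold, which is the property the description relies on for both safety and reduced transmissions.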

Thus, the access control method of this example enables owner authentication to be implemented at low cost by using existing infrastructure and existing apparatuses. That is to say, with the access control method of this example, an ID of conventional existing infrastructure can be used as a switched ID, and the kind of provisions required in the case of SPC infrastructure are not necessary, enabling communication system 100 to be configured inexpensively.

Furthermore, since the access control method of this example associates individual authentications by means of a mobile phone, individual information need only be transferred when necessary by switching ID according to service, improving safety.

Also, since the access control method of this example provides access table and ID expansion, various access control conditions can be set, and a variety of services are made possible.

Moreover, since the access control method of this example associates key terminal KT with service terminal ST by means of personal terminal PT, it is not necessary to transmit an ID constantly, enabling power to be saved and safety to be improved. That is to say, with SPC a code signal is continuously issued at all times, whereas with the access control method of this example a required ID is issued only when necessary. Also, with the access control method of this example, whether or not an ID is issued is decided according to circumstances, and an issued ID is also switched according to the counterparty.

INDUSTRIAL APPLICABILITY

An access control method according to the present invention enables access control to be performed flexibly by associating terminals with each other by means of a mobile phone inexpensively and safely using existing infrastructure and terminal apparatuses, and is therefore suitable for use as an access control method and in a portable terminal apparatus of a communication system that performs owner authentication for a device by means of a personal wireless device.

1. A mobile phone that performs, between a device subject to control for which a function restriction is released by receiving a predetermined code signal and a control terminal that transmits a unique code signal for releasing a function restriction of the device subject to control, access control of the control terminal and the device subject to control, the mobile phone having: a radio communication section that performs radio communication with the control terminal and the device subject to control; an access table creating section that creates an access table that associates an ID of the control terminal with an ID of the device subject to control; an access table storage section that stores the access table created by the access table creating section; a determining section that, when an ID of the control terminal is input via the radio communication section, determines whether or not an ID of the device subject to control associated with an ID of the control terminal is in the access table; and a control section that, when an ID of the device subject to control associated with an ID of the control terminal is determined by the determining section to be in the access table, controls the radio communication section so as to transmit a held ID to the device subject to control associated with the control terminal.
2. The mobile phone according to claim 1, wherein the held ID is an ID that identifies a mobile phone.
3. The mobile phone according to claim 1, wherein an ID identifying a mobile phone is sent as the held ID when an own ID is transmitted only when a mobile phone receives an ID of a device subject to control stored in an access table associated with an ID of a control device.
4. The mobile phone according to claim 1, wherein the held ID is an ID that identifies an IC card held by a mobile phone or an ID stored in an IC chip.
5. The mobile phone according to claim 1, wherein a connectable number of devices subject to control, a release function of the device subject to control, a release condition of the release function, an ID and record priority, are set, and attribute information and a period of validity of the ID are defined, in the access table.
6. An access control method that performs, between a device subject to control for which a function restriction is released by receiving a predetermined code signal and a control terminal that transmits a unique code signal for releasing a function restriction of the device subject to control, access control of the control terminal and the device subject to control by means of a mobile phone, the access control method having: a radio communication step of performing radio communication with the control terminal and the device subject to control; an access table creating step of creating an access table that associates an ID of the control terminal with an ID of the device subject to control; an access table storage step of storing the access table created in the access table creating step; a determining step of, when an ID of the control terminal is input in the radio communication step, determining whether or not an ID of the device subject to control associated with an ID of the control terminal is in the access table; and a control step of, when an ID of the device subject to control associated with an ID of the control terminal is determined to be in the access table in the determining step, controlling operation of the radio communication step so as to transmit a held ID to the device subject to control associated with the control terminal.